Managers tend to ask fewer questions when the provider is a known brand, such as Amazon, Google, Microsoft, or Salesforce. They've heard of those companies. But not every innovative tech company has a globally recognized brand.

There are thousands of "less-well-known" companies in the Software-as-a-Service (SaaS) space. These companies emerged, in part, because cloud computing services lowered costs. These SaaS startups don't have to buy servers, storage devices or software. Instead, these startups rent what they need with a credit card.

In other cases, a SaaS startup provides new capabilities. SmartSheet re-imagines the lowly spreadsheet as scaffolding to which files, calendar events and tasks can be attached. Writely.com, acquired by Google in 2006, enabled multi-user real-time document editing.

Different needs, different policies

When buying SaaS solutions, IT managers often try to force all buying through a single process that doesn't "scale down" well. Rigorous selection and purchasing requirements make sense when choosing a system to be used by thousands of people. Applying the same requirements to a system to be used by ten people can cause pain - and may prompt people to deploy rogue solutions.

Credit: Wikimedia.org - Ohio River at Louisville

I've sometimes found it helpful to think of IT policies in terms of "rivers and streams". Corporate-wide IT policies traditionally address the river: the major flows of information through the organization. The "river" of info includes core H.R. data, customer systems, accounting systems, enterprise collaboration tools, and so on. The "streams" are smaller information flows, such as data for small team projects. Information may need to flow back and forth between the two - but not always.

Your IT policies for the "river" of the enterprise-wide systems absolutely need detailed review and rigor. These are big, expensive decisions: "switching costs" to move from one platform to another may be high.

But you need IT policies for the "streams", as well. These policies might address basic security concerns, support terms, and data export issues. Guidelines might encourage users to choose systems that allow users to login with your organization's existing authentication system: e.g., Google Apps or Active Directory. Policies might also encourage users to identify a "data extraction" plan: SaaS providers always help move data into their systems, far fewer make it easy to move data out.

Innovation and sustainability

Switch your perspective for a moment - outside of your organization - to that of a CEO of a SaaS startup. As a startup CEO, you ultimately need two things: customers or a corporate acquisition. Your SaaS needs to meet customer needs or be sufficiently innovative to attract an acquirer (or, sometimes, an acqui-hirer). Pricing decisions in SaaS startups often acknowledge the higher risk: prices are lower than what they might otherwise be for a sustainable business, precisely because of the life cycle stage and goals of the startup.

Switch back to your role as an IT decision maker. Consider how you might take advantage of the capabilities and innovation startup SaaS providers offer. Remember, you don't need to turn your entire enterprise system over to the SaaS provider. Startup SaaS providers typically aren't ready to handle the information flows for an entire enterprise, but there's no reason to completely ignore the new capabilities these SaaS providers offer.

Make sure that IT policies designed to meet the "needs of the many," doesn't limit your organization's ability to leverage innovations designed to serve "the needs of the few."